Operating Systems

Scan Operating Systems with cnspec

Scan Linux, Windows, macOS, and Unix hosts against security and compliance best practices with cnspec, locally or over SSH.

cnspec scans the operating system on any host against security and compliance benchmarks: kernel hardening, SSH configuration, file permissions, user accounts, audit logging, and dozens of other controls. It scans the machine it runs on, a remote host over SSH or WinRM, or a container, without leaving an agent behind.

New to cnspec? Read the Quickstart to install cnspec and run your first scan.

Choose your operating system

Linux

Scan Ubuntu, Debian, RHEL, Amazon Linux, SUSE, and more.

Windows

Scan Windows desktops and servers locally or over WinRM.

macOS

Scan macOS systems for FileVault, Gatekeeper, firewall, and more.

FreeBSD

Scan FreeBSD systems for security and compliance.

AIX

Query AIX systems and run custom policies.

OPC UA

Scan Linux-based industrial control systems via OPC UA.

How OS scanning works

Point cnspec at a target and it detects the platform, selects the matching security policy, and reports which checks pass and fail with remediation guidance:

cnspec scan local            # the machine cnspec runs on
cnspec scan ssh user@HOST    # a remote Linux or Unix host
cnspec scan docker CONTAINER # a running container

To read scan output in detail and learn about every output format, see Report Results.

Go further with Mondoo Platform

To continuously scan your fleet, track posture over time, and manage remediation, register cnspec with Mondoo Platform. You can also roll cnspec out with Ansible, Chef, or cloud-init.

Nutanix

Scan Nutanix Prism Central environments against security and compliance best practices with cnspec.

Linux

Scan Linux systems against security and compliance best practices with cnspec.

On this page

Choose your operating systemHow OS scanning worksGo further with Mondoo Platform